6.7
CVE-2020-37165 - AbsoluteTelnet 11.12 - "license name" Denial of Service
AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license name field to trigger an application crash.
6.7
CVE-2020-37164 - AbsoluteTelnet 11.12 - "license entry" Denial of Service
AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license entry field to trigger an application crash.
8.8
CVE-2020-37163 - QuickDate 1.3.2 - SQL Injection
QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject UNION-based SQL statements to extract database information including user credentials, database nameβ¦
8.4
CVE-2020-37162 - Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow
Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload of 1608 bytes to trigger a stack-based buffer overflow and execute commands through theβ¦
8.4
CVE-2020-37161 - Wedding Slideshow Studio 1.36 - 'Name' Buffer Overflow
Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft a specially designed payload to trigger remote code execution, demonstrating the ability to rβ¦
8.5
CVE-2020-37160 - SprintWork 2.3.1 - Local Privilege Escalation
SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain completβ¦
8.4
CVE-2020-37159 - Cuckoo Clock 5.0 - Buffer Overflow
Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution wiβ¦
8.7
CVE-2020-37157 - DBPower C300 HD Camera - Remote Configuration Disclosure
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessiβ¦
6.7
CVE-2020-37155 - Core FTP Lite 1.3 - Denial of Service (PoC)
Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte payload of repeated 'A' characters to trigger an application crash without requiring additional inteβ¦
7.1
CVE-2020-37154 - eLection 2.0 - 'id' SQL Injection
eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploadingβ¦